Maintaining HIPAA and HITECH Compliance with Cloud Desktops

Today’s healthcare organizations are facing pressure to improve staff productivity and patient care through streamlined access to electronic health records (EHRs) while complying with strict regulations for protected health information (PHI) under HIPAA and HITECH. This pressure will only escalate as medical professionals increasingly rely on personal devices such as tablets and smart phones for convenient access to patient information. The use of these devices often poses a risk for PHI data to be lost, stolen or hacked, leading to severe fines from the HHS Office of Civil Right. Case in point – Anchorage Community Mental Health Services (ACMHS) was recently ordered to pay a $150,000 fine and integrate an action plan to meet HIPAA compliance after the organization had more than 2,700 electronic health information compromised in a cyberattack.

Our latest white paper, Enhancing Staff Productivity and HIPAA/HITECH Compliance with Cloud Desktops outlines the challenges of securing user devices that contain PHI. It also describes how cloud desktops overcome these challenges while resolving the conflicts between greater access to PHI and HIPAA and HITECH compliance. Following are some highlights from the white paper. Click here to download your copy.

The challenges of securing PHI in mobile devices

Approximately 80 percent of clinicians are using some type of mobile device (tablet or smart phone) to support their daily activities, in addition to the desktop and/or laptop they use at their office. Any IT professional will tell you, the most difficult aspect of supporting these devices involves making the PHI they contain secure from accidental or malicious disclosure should the device be lost, stolen or hacked.  The use of weak passwords, backing up unencrypted PHI onto a USB device or web-based storage device and a general laxness in updating operating systems and anti-malware software exacerbate the matter. How serious is the problem? According to Gartner, approximately 90 percent of successful cyber attacks exploit existing vulnerabilities for which a patch, update or secure configuration is already available.

The rapid adoption of cloud desktops for HIPAA and HITECH compliance

The use of cloud desktops can be a win-win situation for healthcare providers and their IT colleagues. Cloud desktops provide healthcare providers with roaming access to medical applications and patient information. PHI is stored and accessed through a secure, centralized cloud environment instead of distributed on PCs, laptops, tablets and smartphones throughout the hospital. Convenient access to patient information means less time searching for patient information and more time actually caring for the patients.

In addition, cloud desktops simplify compliance with HIPAA and HITECH regulations by streamlining device management and fully controlling the way PHI is stored within a secure data center. The healthcare organization’s IT department retains full control over user access privileges and authentication provisions, even with hosted cloud desktop services. Should an employee or contractor leave or be terminated, IT only needs to delete the user from the environment to terminate any and all access.

In addition to addressing security and compliance concerns, the use of cloud desktops also helps to lower IT costs.  The combination of reduced operational expenses (OpEx) and minimal capital expenses (CapEx) yields a typical total cost of ownership (TCO) of 30 percent or more.

The factors described above have led to a rapid adoption of cloud desktops in the healthcare industry – from approximately 35 percent in 2011 to 52 percent in 2014.

Interested in learning how the adoption of cloud desktops can help your organization streamline costs, enhance staff productivity and help to meet HIPAA and HITECH compliance regulations? Download our white paper for more information. You can also contact HOSTING any time to discuss your specific needs.


Leave a Reply

Your email address will not be published. Required fields are marked *